dgraph ratel cookie injection problem

Dgraph Ratel has a cookie injection problem.

Can you elaborate?

After security scanning, there is a medium-risk vulnerability. The specific description information is:
The remote host is running a web server and cannot adequately clean up the malicious JavaScript request string. By exploiting this vulnerability, an attacker may inject arbitrary cookies. Depending on the structure of the web application, this mechanism can be used to initiate a “session fixation” attack.
Can you check it?

Well, Ratel doesn’t use any cookie session to restrict things. It uses them to record URLs and such. Ratel is just a web application with no fancy cookie handling. There’s no way to exploit (“as far as I know”) it cuz it is a passive application.

Cheers.

thx